Encryption and Globalization Professor Peter Swire IP Scholars Conference Chicago August 11, 2011.

Slides:



Advertisements
Similar presentations
Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.
Advertisements

A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII.
Electronic Surveillance, Security, and Privacy Professor Peter P. Swire Ohio State University InSITes -- Carnegie Mellon February 7, 2002.
Key New Surveillance Provisions Professor Peter P. Swire Ohio State University Privacy 2001 Conference October 4, 2001.
Better Security and Privacy for Home Broadband Peter P. Swire Moritz College of Law The Ohio State University Morrison & Foerster LLP Privacy 2002 Conference.
Elephants and Mice Revisited: Law and Choice of Law on the Internet Professor Peter P. Swire Moritz College of Law Ohio State University Penn Law Review.
Security Through Obscurity: When It Works, When It Doesnt Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.
From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Peter Swire Moritz College of Law Ohio State.
What Should be Hidden and Open in Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory Professor Peter P. Swire George Washington.
Lessons for Biometrics from SSNs & Identity Fraud Peter P. Swire Ohio State University National Academy of Sciences March 15, 2005.
A Model for When Disclosure Helps Security Peter P. Swire Ohio State University Stanford Cybersecurity Conference November 22, 2003.
Lawful Access in the EU: The Pipe to the Cloud? Professor Peter Swire Ohio State University & Future of Privacy Forum Georgetown Law School Conference.
Security Through Obscurity: When It Works, When It Doesn’t Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.
Chapter 1  Introduction 1 Chapter 1: Introduction.
Social Context of Computing Chapter 7. Digital Divide  Technological inequalities  Impact of communication technologies  Radio  Television  Press.
“Encryption’s Vital Role in Safeguarding the Digital Economy” Professor Peter Swire Ohio State University ASSOCHAM International Conference Safeguarding.
Beyond “I Fought The Law” Educating Law Enforcement about Privacy Services Adam Shostack.
A Gift of Fire, 2edChapter 3: Encryption and Interception of Communications1 PowerPoint ® Slides to Accompany A Gift of Fire : Social, Legal, and Ethical.
PowerPoint® Slides to Accompany
The Business Contribution to Development and Safe Trade UN Economic Commission for Europe Second International Forum on Trade Facilitation, 15 May 2003.
A Gift of Fire, 2edChapter 3: Encryption and Interception of Communications1 PowerPoint ® Slides to Accompany A Gift of Fire : Social, Legal, and Ethical.
Computers in Society Encryption. Shameless Plug Catch the kayak club trip to Glenwood on Saturday. Fun!
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Business Data Communications, Fourth Edition Chapter 10: Network Security.
Telecommunications in India Arun Babu Helen Ezenwa Parul Parikh Ajay Patel.
Encryption and Interception of Communications Presented by: Emmanuel Sotelo Sassja Ceballos Chapter 3.
Privacy-Aware Computing Introduction. Outline  Brief introduction Motivating applications Major research issues  Tentative schedule  Reading assignments.
Cryptography and Public Policy Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Welcome to CS 395/495 Measurement and Analysis of Online Social Networks.
Encryption Export Controls in the US Preliminary Research.
Ethical Issues with Cryptography Regulation  Assistance to law enforcement AND  Threats to privacy  Unfair search of property  Obstruction of free.
Introduction Our Topic: Mobile Security Why is mobile security important?
Conflicting Privacy Regimes: (1) Encryption and (2) Access to Cloud Records Peter Swire Ohio State University Future of Privacy Forum IAPP Global Summit.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
CS 4001Mary Jean Harrold1 Class 9 ŸQuestions about term paper—list of possible topics available on line—proposal due 9/27 ŸCommunications assignment—discuss.
CS 4001Mary Jean Harrold1 Class 8 ŸQuestions about term paper—list of possible topics available later today ŸCommunications discussion ŸCommunications.
CPS Today’s topics Computer Applications Computer Security Upcoming Operating Systems ( Great Ideas, Chapter 10) Reading Great Ideas, Chapter.
From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Professor Peter Swire The Privacy Project.
How Can We Deal with Risks from the Internet: Why Privacy Legislation Is Hot Right Now Professor Peter Swire Ohio State University/Center for American.
Legal aspects Based on Law in the Internet Age Sharon K. Black.
Anderson School of Management University of New Mexico.
Reasons to Support Strong Encryption for a Globally Secure Internet Professor Peter Swire Ohio State University U.S. Technology Training Institute Washington,
Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.
Why the Data Protection Act was brought in  The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give.
Backdoors: How Will Government Agencies Adapt to Cybersecurity on the Internet? Professor Peter Swire Ohio State University Internet Law Scholars WIP New.
CYBERWARFARE LAW AND POLICY PROPOSALS FOR U.S. AND GLOBAL GOVERNANCE By Stuart S. Malawer, J.D., Ph.D. Distinguished Service Professor of Law & International.
Can there be privacy in networks ? Dr. Alexander Dix Berlin Commissioner for Data Protection and Freedom of Information Chairman of the International Working.
CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure.
3.05 Protect Your Computer and Information Unit 3 Internet Basics.
CS 4001Mary Jean Harrold1 Intercepting Communications Thanks to Sherry Clark for her notes.
Software Security Seminar - 1 Chapter 10. Using Algorithms 조미성 Applied Cryptography.
Cracking the DES Encryption
6° of Darkness or Using Webs of Trust to Solve the Problem of Global Indexes.
By; Kigozi Jimmy Andrew Graduate School of International Studies, Korea University
Economics Journal Global Economics Week of Nov
Mid Term Review: Wood Products – a global perspective What is and will be the key drivers for the global business environment for the first half of this.
Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Battlefield Model United Nations Teaching Session #1 Position Papers.
Prof. Peter Swire Georgia Tech Senior Counsel, Alston & Bird Sayers Security Conference/Curio Tech Summit Atlanta March 22, 2016 How Should Apple Balance.
Privacy Déjà Vu: Crypto, Government Surveillance and Safe Harbor, Peter Swire Georgia Tech/Alston & Bird IAPP Summit April 4, 2016.
Encryption Power Crunch Tyler Morgan. Encryption & Cryptography What it is, methods, and brief description of cryptography.
Understanding Security Policies Lesson 3. Objectives.
Modeling security 1. Models - encryption r Alice and Bob have the same key k r Alice and Bob exchange encrypted messages r Eve wants to get the plaintext.
“Privacy and Cybersecurity Law in India and the U.S.”
PowerPoint® Slides to Accompany
PowerPoint® Slides to Accompany
Attribution & the globalization of criminal evidence
A Brief History of the Crypto Wars
PowerPoint® Slides to Accompany
Introduction Security Intro 1.
Presentation transcript:

Encryption and Globalization Professor Peter Swire IP Scholars Conference Chicago August 11, 2011

Overview Task: Update and explain why good encryption law/policy matters, 12 years after U.S. crypto wars ended Outline of paper: – India and China update – From wiretaps to the Internet Importance of strong crypto to the Internet – 2 arguments for strong crypto in globalized setting Crypto helps cybersecurity Least trusted country problem – Answer 3 objections made by those who oppose strong crypto – A proposed way to reconcile CALEA (foster wiretaps) and strong crypto (limits effectiveness of wiretaps)

India 40 bit legal limit on key length, since 90s Mumbai attack, 2008 RIM and newly vigorous enforcement Security agencies insist on ability to wiretap in real time Waiting for new policy – Maybe key escrow – Maybe new import license restrictions

China Encourage domestic crypto – Soft law that encryption ok only if it is not the “core function” Microprocessors, PCs, mobile phones OK VPNs are not OK, “core function” is crypto Great uncertainty about meaning of “core function” – China is trying to require home-grown encryption for hardware and software Lack of peer review to date of their algorithms – A goal appears to be to spread those algorithms throughout China and then into global supply chain

Background Part of Paper Paper gives background for those new to the debate: – Intro to wiretaps, for phone and online – Intro to encryption Categories of attacks/vulnerabilities – History of crypto wars in the 1990s Administration changed position in 1999, can export strong crypto Lessons learned, apply to the globalized debate today

Bob ISP Alice ISP %!#&*YJ#$ Hi Bob! Internet: Many Nodes between ISPs Alice Bob %!#&*YJ#$

Problems with Weak Encryption Nodes between A and B can see and copy whatever passes through Brute force attacks became more effective due to Moore’s Law; 40 bits was already breakable in mid-90’s From a few telcos to many millions of nodes on the Internet – Hackers – Criminals – Foreign governments – Amateurs Strong encryption as feasible and correct answer – Scaled well for many applications (SSL, HTTPS, in chips) as Internet users went over one billion

I. Crypto Essential to Cybersecurity Public awareness of cybersecurity grown a lot since 1999 Increasing importance of computing & thus cybersecurity Crypto deeply embedded in modern computing: – SSL, HTTPS, VPNs, Skype/VOIP, Bitlocker, etc. Offense is ahead of the defense – The world is our bad neighborhood – Defense and the weakest link problem – Crypto as perhaps the largest category for effective defensive – Don’t play cybersecurity with two hands tied behind your back

II. The Least Trusted Country Problem 1990’s Clipper chip debate – Many expressed lack of trust in government access to the keys Globalization and today’s encryption debate – What if a dozen or 50 countries with the keys, or enforced crypto limits? – What if your communications in the hands of your least trusted country? India/Pakistan; China/Taiwan; Israel/Iran – Don’t create security holes in global Internet, especially for billions of people

Responses to Common Concerns “They” have a backdoor “Going dark” vs. “golden age of encryption” – Paper concludes the latter is more accurate Trade policy and domestic industry

Possible Topics for Questions/Discussion Lessons from the Crypto wars of the 1990’s Strong crypto and insecure channel of the Internet Crypto as important to cybersecurity Least trusted country problem Backdoors to “them” as excuse for limits on encryption Going dark vs. modern surveillance advantages Others?